feat(chart): add CiliumNetworkPolicy (#146)

sebastiangaiser · web-flow · commit e00778727824 · 2025-10-13T11:51:04.000+02:00
Signed-off-by: Sebastian Gaiser &lt;sebastiangaiser@users.noreply.github.com&gt;
diff --git a/chart/templates/ciliumnetworkpolicy.yaml b/chart/templates/ciliumnetworkpolicy.yaml
@@ -0,0 +1,21 @@
+{{- if and .Values.networkPolicy.enabled (eq .Values.networkPolicy.flavor "cilium") -}}
+---
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: {{ include "ca-controller-for-strimzi.fullname" . }}
+spec:
+  endpointSelector:
+    matchLabels:
+      {{- include "ca-controller-for-strimzi.selectorLabels" . | nindent 6 }}
+  egress:
+    - toEntities:
+        - kube-apiserver
+    {{- if and .Values.networkPolicy.cilium .Values.networkPolicy.cilium.egress }}
+    {{- toYaml .Values.networkPolicy.cilium.egress | nindent 4 }}
+    {{- end }}
+  {{- if and .Values.networkPolicy.cilium .Values.networkPolicy.cilium.ingress }}
+  ingress:
+    {{- toYaml .Values.networkPolicy.cilium.ingress | nindent 4 }}
+  {{- end }}
+{{- end -}}
diff --git a/chart/values.yaml b/chart/values.yaml
@@ -41,3 +41,29 @@ extraContainers: []
 
 env: {}
 envFrom: []
+
+networkPolicy:
+  enabled: false
+  flavor: cilium
+  cilium:
+    egress: []
+      # - toEndpoints:
+      #     - matchLabels:
+      #         io.kubernetes.pod.namespace: kube-system
+      #         app.kubernetes.io/instance: coredns
+      #         app.kubernetes.io/name: coredns
+      #   toPorts:
+      #     - ports:
+      #         - port: "53"
+      #           protocol: UDP
+      #         - port: "53"
+      #           protocol: TCP
+    ingress: []
+      # - fromEndpoints:
+      #     - matchLabels:
+      #         io.kubernetes.pod.namespace: monitoring
+      #         app.kubernetes.io/name: prometheus
+      #   toPorts:
+      #     - ports:
+      #         - port: http
+      #           protocol: TCP
